WikiLeaks has released a new set of documents from its Vault 7 series, this time detailing a tool that the CIA allegedly uses to spread malware on a targeted organization's network.

Appropriately called "Pandemic," the tool can install a file system filter driver on a network, replacing legitimate files with malicious payload when they are accessed remotely via the Server Message Block (SMB) protocol.

"Pandemic does NOT//NOT make any physical changes to the targeted file on disk. The targeted file on the system Pandemic is installed on remains unchanged. Users that are targeted by Pandemic, and use SMB to download the targeted file, will receive the 'replacement' file," reads the tool's description.

This makes this tool a rather interesting one to have since it is particularly difficult to identify infected systems. Since Pandemic replaces files while in transit, instead of modifying them on the device the malware is running on, the legitimate files remain unch... (read more)